Qualcomm Bitra_firmware
38 CVEs affecting Qualcomm Bitra_firmware. Latest disclosed: 2020-11-02. Critical: 4, High: 30.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-3703 | Critical | 9.8 | 2020-11-02 | u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device(This CVE is… |
CVE-2020-3673 | Critical | 9.8 | 2020-11-02 | u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length' in Snapd… |
CVE-2020-3654 | Critical | 9.8 | 2020-11-02 | u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Co… |
CVE-2020-11116 | Critical | 9.8 | 2020-09-08 | u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Comput… |
CVE-2020-3694 | High | 7.8 | 2020-11-02 | u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto, Snapdragon Compute, Snapdra… |
CVE-2020-3693 | High | 7.8 | 2020-11-02 | u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdr… |
CVE-2020-3690 | High | 7.8 | 2020-11-02 | u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon… |
CVE-2020-3684 | High | 7.8 | 2020-11-02 | u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in… |
CVE-2020-3638 | High | 7.8 | 2020-11-02 | u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snap… |
CVE-2020-11174 | High | 7.8 | 2020-11-02 | u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdrago… |
CVE-2020-11164 | High | 7.8 | 2020-11-02 | u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon… |
CVE-2020-11162 | High | 7.8 | 2020-11-02 | u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon… |
CVE-2020-11125 | High | 7.8 | 2020-11-02 | u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Comp… |
CVE-2020-11129 | High | 7.8 | 2020-09-09 | u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdr… |
CVE-2020-3646 | High | 7.8 | 2020-09-08 | u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, Snapdragon Consumer IO… |
CVE-2020-3640 | High | 7.8 | 2020-09-08 | u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a HLOS adversary calls t… |
CVE-2020-3629 | High | 7.8 | 2020-09-08 | u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes'… |
CVE-2020-3622 | High | 7.8 | 2020-09-08 | u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can result… |
CVE-2020-11128 | High | 7.8 | 2020-09-08 | u'Possible out of bound access while copying the mask file content into the buffer without checking the buffer size' in Snapdragon Auto, Snapdragon Compute, Sn… |
CVE-2020-11120 | High | 7.8 | 2020-09-08 | u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid… |